Full title: WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
Category: web applications
Platform: php

The "order" and "orderby" parameters are vulnerable to SQL injection.

Example URL: http://127.0.0.1:9001/wordpress/wp-admin/admin.php?page=inic_faq&orderby=<sqli>

PoC takes some time to finish (15 min on my test system). I could speed it up with multithreading but I'm too lazy right now.
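
For the fix side: sort column and direction cannot be bound as prepared-statement values, so the usual remedy for injectable "order"/"orderby" parameters is a fixed allowlist. The following is an added example, not code from the plugin or the advisory; the function name and column names are hypothetical.

```php
<?php
// Added example: hardened ORDER BY handling for an admin list query.
// Function name and column names are hypothetical, not taken from the plugin.

/**
 * Build an ORDER BY clause from untrusted request values.
 * Identifiers and sort direction cannot be bound as prepared-statement
 * values, so each is mapped through a fixed allowlist instead.
 */
function faq_safe_order_clause(array $request): string
{
    // Request value => real column name (hypothetical columns).
    $columns = [
        'question' => 'question',
        'created'  => 'created_at',
        'id'       => 'id',
    ];

    // Reject non-string input (e.g. orderby[]=x) before normalising case.
    $orderby = isset($request['orderby']) && is_string($request['orderby'])
        ? strtolower($request['orderby'])
        : '';
    $order = isset($request['order']) && is_string($request['order'])
        ? strtoupper($request['order'])
        : '';

    // Anything outside the allowlist falls back to a fixed default,
    // so no request text is ever concatenated into the SQL string.
    $column    = $columns[$orderby] ?? 'id';
    $direction = in_array($order, ['ASC', 'DESC'], true) ? $order : 'ASC';

    return "ORDER BY `{$column}` {$direction}";
}

// Constructed inputs: one legitimate, one carrying the advisory's <sqli>
// placeholder, one with unexpected types.
$samples = [
    ['orderby' => 'created', 'order' => 'desc'],
    ['orderby' => 'id<sqli>', 'order' => 'asc<sqli>'],
    ['orderby' => ['x'], 'order' => null],
];
foreach ($samples as $request) {
    echo faq_safe_order_clause($request), PHP_EOL;
}
```

In a WordPress plugin the returned clause would be appended to the query string handed to `$wpdb->get_results()`, with any remaining user-supplied values bound through `$wpdb->prepare()`.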